Secure your Microsoft account with 2-factor authentication

Secure your Microsoft account with two-step verification

Almost every week you hear about a security breach somewhere in which passwords have been stolen. Could someone access your Microsoft account? Not if you secure it with 2-factor authentication.

What is 2FA?

If someone has your username or email address and your password, they can log in to most online services. With two-factor authentication (2FA) enabled, they would need to have your mobile phone too.

2FA is an extra security feature that can be enabled with some online services, including your Microsoft account that is used to log into Outlook.com, the Windows 10 Store, Groove Music, Xbox Live, and other Microsoft services.

It works like this: When you log in to any Microsoft service with your Microsoft account, it asks for your username and password as usual. If this is the first time this computer or device has been used to access your account, you are asked to enter a secret code too.

This must be entered in order to authorise the computer or device and it only happens once. Thereafter it is already authorised so no code is needed.

The code is provided by your mobile phone, so if a hacker, for example, has your username and password, they still cannot access your account because they don’t have your phone with the secret code on it.

2FA is an inconvenience because the first time you use an unknown computer, phone or tablet, you are asked to authorise it with a username, password and code from your phone.

All computers and devices are unknown when new or when you turn on 2FA. You must authorise them, then they work as normal.

Some 2FA setups are quite straightforward and take only a minute or two, but Microsoft’s 2FA seems long-winded, complicated and confusing. I’ll try to make some sense of it and point you in the right direction at key places.

Log in

Go to onedrive.com or outlook.com and log in. Click your picture in the top right corner and select Account settings on the menu that is displayed.

Security & Privacy

Click Security & Privacy in the blue menu bar and then on the left underneath Account security on the next page, click More security settings.

Identity verification app

You might be asked to sign in again, for extra security. On the screen that appears next, scroll down until you come to Identity verification apps. Click Set up identity verification app.

Some online services that use 2FA send a text message with the secret code to your phone. Microsoft uses an app to generate or receive codes instead. There are apps for Android phones, the iPhone and Windows Phone. Select the one you want and click Next.

Install the app

The app to install from the Google Play Store is called Microsoft account, and the iPhone app is called Google Authenticator. Yes, a Google app on an Apple iPhone is used to authenticate a Microsoft account on your Windows PC. It’s weird, but true.

Install the appropriate app and follow any instructions for setting it up. Codes can be sent to the app by Microsoft and the app can generate codes on its own for Microsoft. This enables the app to be authenticated and then it can produce codes to authenticate computers and devices.

Two-step verification

After setting up the app on your phone, return to Security & Privacy on your PC. Scroll down and find Set up two-step verification (another name for two factor authentication).

Email on your phone

On the next screen is information about Outlook.com. If you use the Outlook app on Android or iOS, or have set up the Mail app on your iPhone to read your Outlook.com email, you might need these items here. Click the link to see the instructions.

Check your email on your phone, tablet or computer and see if it is working. If you are asked for a code, use Microsoft account on Android and ask it to get a code, or Google Authenticator on the iPhone. If you are asked for a new password, click the links above to get one.

Enter the code or password and everything should be OK and back to normal. Your email should work OK and you won’t be asked for the code or password again.

Keep your phone with you, because you never know when you might be asked for a code. You can’t store them because a new one is generated every 10 seconds. It also means you can’t hang about when copying a code when asked for it. Take more than 10 seconds and it will expire.

Summing up

So basically you install and set up either the Microsoft account app on your Android phone or the Google Authenticator app on your iPhone. These are then used to authorise any computer or other device, such as a tablet, by generating a code.

2FA or 2-step verification is a pain, but it does make your account much more secure and far more difficult to steal or hijack. It is worth the hassle.